Use is_user_member_of_blog() to check if the current user has been assigned to the blog in wp-admin/network/site-users.php. Then hook into template_redirect and run the test: add_action( ‘template_redirect’, function() { if ( ! is_user_member_of_blog() ) die( ‘Please ask the network administrator to get access to this blog.’ ); });
The REST API has no parameters, options to solve this – in my opinion. But you should register only if the users have the capability in his role, like the follow example. add_action( ‘rest_api_init’, function() { // Exit, if the logged in user have not enough rights. if ( ! current_user_can( ‘edit_posts’ ) ) { … Read more
It may be possible. A lot of the core API that deals with logins and cookies is pluggable. You could replace wp_set_current_user with something that queried your external database rather than the internal one, for instance. Authentication is already done via a the authenticate filter (wp_authenticate is the function that does this, and the filter … Read more
You’re correct in that you should be checking for a capability. However, manage options is only given to administrators by default. You should check against a capability that both editors and administrators have such as delete_others_posts. function restrict_admin(){ //if not administrator, kill WordPress execution and provide a message if ( ! current_user_can( ‘delete_others_posts’ ) ) … Read more
Looks like I found a snippet that do exactly that. It’s from Daniel Bachhuber, the API developer. add_filter( ‘rest_authentication_errors’, function( $result ) { if ( ! empty( $result ) ) { return $result; } if ( ! is_user_logged_in() ) { return new WP_Error( ‘restx_logged_out’, ‘Sorry, you must be logged in to make a request.’, array( … Read more
there you go, i’m not the only one trying to bring back-end functionality to the front-end. anyway its not that hard go to your “USER DASHBOARD” template’s file and locate where the loop starts something like: <?php if ( have_posts() ) : while ( have_posts() ) : the_post(); ?> and just above it paste this … Read more
We are using this wordpress plug in – New User Approve Provides functionality to approve/deny new user registrations.
wp_get_current_user then compare the object that’s returned user_login proprety with the specific username you’d like to check against. <?php add_action(‘admin_init’, ‘wpse74389_check_username’); function wpse74389_check_username() { $user = wp_get_current_user(); if($user && isset($user->user_login) && ‘username_to_check’ == $user->user_login) { // do stuff } }
Write this into a plugin: add_action( ‘template_redirect’, ‘auth_redirect’ ); As plugin on GitHub. This will force all visitors login if they aren’t already. In some cases, this is asking for a log-in every time. This might work better: is_admin() || add_action( ‘template_redirect’, function() { if ( ! is_user_logged_in() ) auth_redirect(); }); If you want to … Read more
Well, you have to ask yourself “Secure enough for what?” I doubt you are a bank or other institution that needs exceptionally high security. If you were you’d a team of $100,000+ per year experts to answer this question for you. With that in mind… You’d have to subvert the WordPress login system to get … Read more